As host of the old “Future Tense” program, one of my favorite topics to cover was cyber warfare. If I brought any bias to the topic, it was on the side of those who maintained that much of the predictive writing was alarmist. But in Foreign Policy, John Arquilla of the U.S. Naval Postgraduate School makes a good case that there’s no longer a debate how real the threat is.

“Cyberwar is here, and it is here to stay,” writes Arquilla.

He cites a couple of examples.

Estonia:

The 2007 cyberwar against Estonia, apparently arising out of ethnic Russian anger over removal of a World War II monument, offered a clear example. The attack was initially highly disruptive, forcing the government to take swift, widespread measures to install security patches, improve firewalls, and make strong encryption tools available to the people. Estonia is small, but one of the world’s most wired countries; 97 percent of its people do all their banking online. Costs inflicted by the attacks — from business interruption and disruption to the need to erect new defenses — are estimated in the many millions of euros. A scaled-up version of this kind of cyberwar, to America-sized attacks, would cause damage in the hundreds of billions of dollars.

Georgia:

When Russian tanks rolled into Georgia in 2008, their advance was greatly eased by cyberattacks on Tbilisi’s command, control, and communications systems, which were swiftly and nearly completely disrupted.

Iran:

The Stuxnet worm, which struck directly at Iranian nuclear-enrichment capabilities, is another example of strategic cyberattack — what I prefer to call “cybotage.” But will it achieve the larger goal of stopping Iranian proliferation efforts? Not on its own, no more than the Israeli air raid on the Osirak nuclear reactor 30 years ago ended the Iraqi nuclear program. Iraq’s pursuit of nuclear technology simply became more covert after the Osirak attack, and the same will surely hold true for Iran today.

While arguing that cyber ware is very real, Arquilla writes that cyber war on its own is not likely to be effective:

Engaging in disruptive cyberattacks alone is hardly a way to win wars. Think about aerial bombing again: Societies have been standing up to it for the better part of a century, and almost all such campaigns have failed. Civilian populations are just as likely, perhaps even more so, to withstand assaults by bits and bytes. If highly destructive bombing hasn’t been able to break the human will, disruptive computer pinging surely won’t.

But Arquilla also sees bigger battles in the cyber wars ahead:

…smaller-scale cyberwar exploits might eventually scale up, given the clear vulnerability of advanced militaries and the various communications systems that cover more of the world every day. This is why I think cyberwar is destined to play an increasingly prominent role in future wars. Yes, some cyberweapons do require substantial investment of resources and manpower, as Rid suggests. But once created, they can be used in ways that easily overcome existing defenses. Even for those exploits that don’t require significant resources, like the campaign against Estonia, the lesson remains clear: The advantage lies with those who take the offensive.